Apple: Update iOS And Mac OS X Immediately To Avoid SIP Security Risk

Apple device users are being urged to update to the latest versions of iOS and OS X to stay protected from a new zero-day vulnerability that is affecting all previous versions of the software.

The flaw affects Apple’s latest protection feature, the System Integrity Protection (SIP), allowing hackers to bypass it and leave devices at risk of cyber-attacks that could steal their data, according to researcher Pedro Vilaça from security firm SentinelOne.

Only the OS X version 10.11.4 and iOS 9.3, both of which were released on earlier this week at Apple’s launch event are not vulnerable, meaning that the vast majority of Apple devices are currently at risk.

At risk

SentinelOne says it reported the vulnerability in January 2016 to Apple, which is why the flaw has been removed from the latest versions of its operating systems.

“This kind of exploit could typically be used in highly targeted or state sponsored attacks,” the company said.

However it’s not yet known if patches for any earlier iOS or OS X versions are planned, with Apple yet to comment officially on the news.

The vulnerability, which is commonly enabled via a phishing attack or browser exploit, allows attackers to escalate their privileges to bypass System Integrity Protection on mobile and laptop devices.

It is able to evade previous software defences thanks to its use of very reliable and stable techniques that traditional detection mechanisms, looking for more obvious warning signs, would miss.

SIP, which Apple says goes further than any of its previous security protection services, is also designed to prevent potentially malicious software from modifying protected files and folders, thus protecting the system from anyone who has root access, authorised or not.

Alongside SIP, Apple also announced a number of other security upgrades for its software this week, including a fix for a high-impact vulnerability in Apple’s Messages app which could have allowed an attacker to read protected messages.

Are you a security pro? Try our quiz!